Vulnerability CVE-2017-3316: Information

Description

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS v3.0 Base Score 8.4 (Confidentiality, Integrity and Availability impacts).

Severity: HIGH (8.4) Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-3316

Published: Jan. 28, 2017

Modified: Sept. 2, 2017

Error type identifier: CWE-20

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
virtualbox	c7	5.1.18-alt1.M70C.1	5.1.24-alt1.M70C.1	ALT-PU-2017-1525-1	181545	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html	Patch Vendor Advisory
95579
1037638
GLSA-201702-08
41196

Affected configurations:
1. Configuration 1
  cpe:2.3:a:oracle:vm_virtualbox:5.1.12:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:vm_virtualbox:5.0.30:*:*:*:*:*:*:*

Version: v24.4.2

Vulnerability CVE-2017-3316: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1